My guess is that the solution with apache works becouse even if apache switces to https, it still talks to tomcat via plain http, and since the objects are in tomcat's session, and tomcat doesn't need to switch to https, it will not create a new session.
On Monday 16 December 2002 20:41, Joseph Shraibman wrote: > But that doesn't explain why apache would be any better at that than > tomcat. > > James Higginbotham wrote: > > That's probably the case if you were using cookies to track sessions. > > The cookie spec mentions that the port is also part of the scope of a > > cookie, so when you went from www.foo.com:80 to www.foo.com:443 you > > changed the scope of the original cookie and thus created a new > > "session" on the server side. The fix is to either change the cookie's > > domain to be foo.com rather than www.foo.com, which will make it match > > to all servers in that domain on all ports. At least, this seems to be > > what I remember the issue being several years ago for a similar > > deployment I did. > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> For additional > commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
